1. Introduction — Staying Out of Prison


This guide aims to enhance your digital security and privacy while living in 
a surveillance state. Corporations and Law Enforcement (LE) work together 
to monitor and gather evidence against people participating in mutual aid 
and direct action. 


Of course, we have diverse perspectives, and some may choose to focus on 
direct action and mutual aid over security and privacy. But because we have 
moved into the era of cyber-capitalism, it will be impossible to create 
effective change if we aren’t conscious of our digital footprints.


You can significantly increase your chances of ‘getting away with it,’ of
having your case dismissed, or of decreasing time served, by not giving LE
the evidence they need from your digital devices and online presence.


LE uses proprietary technology bought from private companies such as
Zerodium and NSO Group to help them monitor our activities.
These technologies or exploits are often much more advanced than anything 
the public has available. 


LE may use these highly illegal and confidential methods which are unable 
to be proven in court, but may tamper with the chain of custody to make it 
appear as though they acquired the evidence legally. 


Because of this, for certain actions, the best operational security is
staying off phones and computers altogether. Leave them at home. Don’t
discuss anything sensitive over regular texting, messaging over social media, 
or email. 


It’s safe to assume if you’re on an Apple or Microsoft product, the words 
you type could be captured before they can be encrypted. This information, 
along with your device location at any given time could later be obtained via 
warrant or the proprietary methods mentioned earlier. 


That being said, it is a calculated risk to use our devices to communicate 
with our peers to create effective change, as well as preserving the privacy 
that we all have a right to. The best we can do is reduce risk as much as 
possible by reducing the amount of evidence we give them. 


The following are a few highly effective methods to keep you out of prison. 
If some of them seem over the top, remember that you can always stay off of 
electronics and have conversations with people you trust deeply, away from 
devices. Even better is not talking to anyone about your actions. The 
strongest digital footprint is no footprint at all. 


We won't dive into the nitty gritty technical aspects of each method, which 
could leave this guide inaccessible. If you’re curious about any of the 
methods or technologies used, we encourage you to research and find out for 
yourself if it’s worth the effort. But it goes without saying that these 
methods have been used by many people around the world, including 
ourselves, to avoid lengthy sentences in prison. 


2. Lock It Down 


a. Signal — This application has become popular for good reason. It
provides strong end-to-end encrypted texting on mobile devices.
Signal is by default a better choice because it is open-source and 
doesn’t have corporate interests behind it. This has an advantage over 
such apps as Telegram, WhatsApp, or Wickr, which do have 
corporate interests behind them. 


Be sure to set an expiration timer for your messages, the less time the 
better, perhaps a few minutes to several hours. 


You can do this by clicking on the contact’s name and selecting 
‘Disappearing Messages.’ Give your phone a strong password that 
isn’t something easily guessable. Do not use the desktop version of 
Signal, which is continually being exploited. 


If caught, Digital Forensics teams will certainly go through your 
phone, using software such as Cellebrite. They may obtain a warrant 
to unlock your phone and go through your texts, including Signal 
texts. That’s why it’s important to have disappearing messages 
enabled. 


b. VeraCrypt — Like Signal, VeraCrypt will keep you out of a ton of 
trouble. It will fully encrypt the hard drive on your computer. If LE 
were to come and seize your devices and hand them over to their 
Digital Forensics team, they would be very frustrated and out of luck 
to find out you’re using VeraCrypt. It basically makes their job 
impossible in extracting information from your computer, and they 
would not have any evidence they could use in court. 


However, they will try a ton of passwords to try and unlock your
encrypted drive. Use a very long password for VeraCrypt (and all of
your devices and accounts), such as a phrase perhaps from a book,
movie, or song you like. Do not write the phrase down anywhere.
Separate the words of the phrase by a special character such as
brackets, hyphens, periods and so forth. For example:

Row]your]boat]gent1y]down]the]Stream — this password set on
VeraCrypt will certainly protect you against brute force password
attacks they could attempt on your hard drive. The only way they
could bypass VeraCrypt is if they obtain your computer while it's still
open, where they could then retrieve the key to decrypt your drive.


Turn off your computer when not in use, and if you hear a knock at 
the door, turn off your computer to lock it. The same goes for if 
you're expecting company, which LE may use as a gateway to 
entering your home before you have a chance to turn the computer 
off. You can also set a scheduled task to turn off (which will lock) 
your computer after a certain amount of time, or when closing the 
laptop, etc. 


c. Virtual Private Networks — Many have also heard of Virtual Private
Networks, or VPNs, which are a crucial aspect of more day-to-day
device usage and not as much for more intensive security. VPNs
encrypt all internet traffic, and depending on which VPN you use,
can help against surveillance. If LE or a cybercriminal is on your
wi-fi, they can easily sniff your traffic if you aren't using a VPN.


They may eventually realize you're using a VPN and subpoena the 
provider for logs on your activity. The main issue is whether or not 
the VPN keeps logs, which can be retroactively scoured by LE. We 
recommend using Mullvad VPN, which is relatively inexpensive and 
doesn't keep logs. Even if LE were to contact Mullvad for your logs, 
they simply wouldn't have any to give them. 


Look into using Firefox and disabling WebRTC, which can leak your 
IP address. In Firefox, enter about:config into the search bar, then 
enter media.peerconnection.enabled and set it to false. 


d. The Onion Router — The Onion Router, or TOR, is a powerful tool in 
providing a high level of anonymity and security. Journalists and 
activists under oppressive regimes use it to access internet and 
communications they otherwise wouldn’t be able to. TOR is also 
used to access the dark web. 


It works by encrypting all internet traffic through thousands of 
‘nodes.’ The barebones access to TOR is through Tor Browser, which 
generally works well. But Tor, like anything else, isn’t 100% 
foolproof. You still have to exercise caution, for example setting it to 
‘Safest’ mode in the browser’s settings so that Javascript is disabled. 


Using Tor with a VPN is a controversial topic. We personally think a 
VPN with Tor doesn’t hurt or help it much, as long as you turn on the 
VPN before accessing Tor Browser. Your internet service provider 
can see that you’re using Tor Browser, and you can make it more 
difficult for them by enabling ‘bridges’ within Tor Browser. You can 
request a private bridge from the TOR project itself. That being said, 
there is a much more secure way to access TOR nodes. 


e. Tails and Other Virtual Machines — By far the most secure method 
you can use is a Tails live boot USB stick. Tails is a privacy and 
anonymity-focused operating system that routes all of its traffic 
through TOR. Tails stands for ‘The Amnesiac Incognito Live 
System’ and can be run from a USB stick. We highly encourage you 
to run Tails from a USB stick. It’s very easy to set up and protects 
you a great deal. 


One of the best parts is that Tails will never touch your hard drive if 
run from a USB stick, and you can just pull the USB stick out quickly 
and it will shut down, leaving no trace. Then you’ll never have to 
worry about your hard drive being confiscated. This has kept many 
people out of trouble. With a few minutes of research, you can set up 
Tails via USB and be well on your way to advanced operational 
security. 


Other operating systems such as Whonix are effective virtual 
machines, basically a computer within a computer. You’ll need to 
install VirtualBox in order to run virtual machines. Whonix also 
routes its traffic through TOR, but doesn’t have the advantage of a 
complete wipe by quickly pulling out the USB stick. Virtual Machines 
are at a disadvantage in that clicking on the wrong link could break 
out of the VM and reveal your location. Once again, Tails via USB is 
the best way! 


Tails will open up, ask you to connect to wifi, then you open Tor Browser
inside of Tails. Click the shield on the top right and select Safest mode 
to disable Javascript. Always update your Tails to the newest version, 
and you can select the option to run TOR through a bridge, which can 
hide the traffic from your Internet Service Provider. 


f. Email — Some may recommend ProtonMail, but they’ve cooperated
with LE before and also require legitimate email confirmation. 
Gmail, Yahoo and other such major providers definitely log 
information (including emails you delete) and cooperate with LE 
constantly. 


It’s much better to use anonymous services over TOR such as 
elude.in, dnmx.org, onionmail, and others. If using an email service, 
double check that it’s not something that would give up information 
if requested by LE. Never connect these to your name or legitimate 
“clear web” personal addresses or information. Change emails often. 
We recommend using Tails when accessing these sites. 


If you want to take it to the next level, look into PGP (Pretty Good 
Privacy) encryption for your emails. This takes a bit more effort but 
has been invaluable for activists in the past. If some site you don’t 
plan on using much requires an email verification, you can use 
temporary email services such as temp-mail and many others. 


3. Data Destruction 


a. Deleting Files — If you are on a regular Windows or Mac, when you 
delete a file and clear the recycle bin of your computer, that file isn’t 
deleted at all and can be easily recovered by Digital Forensics teams 
in multiple ways. When the recycle bin is cleared, it’s only marked to 
be overwritten by other files. 


There are a few methods to work around this. For Windows you can 
use SDelete from SysInternals. For Mac there is secureErase and srm, 
and for Linux there is shred. A method we like is using the program 
Picocrypt, which you can drag and drop your file onto and it will 
encrypt that file into chunks. Set it to generate a long password (which 
you don’t need to know), enable all the settings including splitting it 
into chunks, then change the name. Then delete and clear those 
encrypted chunks from the recycle bin, or use SDelete on the 
encrypted chunks to be completely sure. 


If on Windows, a quick way to overwrite files you’ve “deleted” from 
your Recycle Bin is by the following: 


-Open Command Prompt on your computer, right click and Run As 
Administrator. 


-Enter “cipher /w:C”


This may take some time, but will overwrite any unused available 
space in your C drive. 


To be honest, Digital Forensics teams still have tons of methods of 
gathering evidence of what you’ve deleted, despite using secure 
deletion. For example they can inspect Shellbags, USN Journal,
Thumbnail cache, and many other artifacts left over on the machine to 
see what has been deleted. 


This is why it’s so important to use VeraCrypt so they can’t even 
get to that point, and it may come to destroying the hard drive 
altogether. 


For more tools and tips, including disabling artifacts such as USN
Journal, search “Hacktricks Anti Forensics”. 


b. Destroying Hard Drives — If you aren’t using the live boot USB stick 
method and keeping everything on a hard drive, there’s a chance you 
will need to destroy all evidence at some point. The most accessible 
option would be taking the hard drive out, using a power drill to 
make holes into the hard drive, or hammering nails into it, and/or 
burning the hard drive to a crisp. Whatever you do, dispose of it far 
from your residence. Garbage dumps can be traced back to 
residences. 


There are also hydraulic presses, incinerators, industrial shredders and 
others for destroying the hard drive. If not using a power drill, it’s best 
to burn it or smash it into pulverized powder. Hard drives can still be 
recovered if there are big enough chunks. Search more information on 
destroying hard drives if needed. Do not use third party data 
destruction services. 


4. Phones 


a. Burners — Using a burner is a risky and mostly redundant method
but can be necessary in some cases. It’s almost better to use a 
radio/walkie talkie with a police scanner for short term actions. But 
in the case of a burner phone or burner SIM, pay for it with cash 
(more information below) and dispose of it shortly after using. Don’t 
have a burner for long term use. Leave your phone at home when 
buying it, and don’t activate it near your home or with your personal 
phone. Have someone in the store activate it. 


The main benefit of a burner phone in our opinion is that, because 
Signal will have your phone number locked in, you can use a burner 
SIM card for Signal. 


But because of the nature of cell towers and network surveillance, 
never have your burner phone/SIM anywhere physically near 
your personal phone, your home, or your peers’ phones or 
computers/home networks. If you don’t have somewhere to put it, 
keep it in a Faraday bag and bury it somewhere far from your 
residence. Always use Signal if not on a flip phone. Turning off your 
phone or using airplane mode does nothing for countersurveillance 
measures. 


You have to take out the SIM card and place the phone in a Faraday 
bag. To dispose of the phone, take out the SIM card, smash the SIM 
card and flush the phone and SIM card in a public bathroom or drop 
it in a sewer hole somewhere. You can also burn the burner! 


b. Faraday bag — A Faraday bag is basically a shielded container
designed to block electromagnetic signals. Faraday bags can be
made, but it is better to purchase one from a vetted producer of Faraday
bags. You can keep your burner in the Faraday bag, then place it in a
plastic bag and perhaps bury it somewhere, bringing it out far away
from your personal phone. It’s very important to never let your
burner be close to your personal phone or home internet connection,
as devices remember other devices they’ve been near, as well as cell
towers they’ve connected to, and this logged information can be
retrieved and correlated by LE.


The reason that burners need to be disposed of quickly is that LE 
(mostly intelligence agencies) can detect when a phone ‘blips’ in and 
out of service because of a faraday bag. Again, burners may be more 
trouble than they’re worth, but could be necessary in some cases. The 
main advantage is using a burner SIM with Signal. 


5. Money 


a. Cash and Gift Cards — Cash can’t be traced like your credit and debit 
cards can. Cash can also be used to buy gift cards, which can be used 
to order things online (via VPN or Tor.) Remain anonymous if 
buying such a gift card for such purposes, by wearing a face mask 
and covering anything recognizable such as tattoos, hair, or clothing 
that stands out. Don’t wear easily identifiable clothing, such as 
something purchased from an Etsy store (people have been caught 
this way.) 


If purchasing items for an action, purchase them at different stores 
on different days in cash. Park away from the place where you are 
purchasing goods, and leave your phone at home. 


b. Monero — You may have heard of Bitcoin, and many have gotten
busted for thinking Bitcoin is untraceable. Monero is a
cryptocurrency that is truly untraceable. There is heavy research
behind this that we recommend looking into. You can purchase it
with Bitcoin or other methods such as Cashapp, on sites like
AgoraDesk and LocalMonero. Be sure to set up a Monero wallet on
your computer, which you will send the funds to when the purchase
is complete. And use a VPN when accessing your Monero wallet on
your computer. Or, look into other Monero wallets that you can send
between to obfuscate your trail. Then, you can send the Monero in
randomly-timed increments to another wallet. The main thing is to
not keep the Monero on the market you bought it from.


6. Linux


a. Uses — As mentioned in the beginning of the guide, Microsoft and
Apple products are compromised by default. This includes Windows,
Mac, Android, iPhone, and more. They keep track of what their users
are doing, and will hand information over to LE if requested. And if
they don’t hand the information over, LE will use exploits from
brokers such as Zerodium. You can find more information on that by
searching ‘apple fbi exploit zerodium.’


A much better alternative is to buy a cheap Linux laptop off of eBay or
Craigslist, using user-friendly operating systems such as Ubuntu.
Linux is open source and not locked into corporate authoritarian 
interests. 


Once you have the Linux laptop, use the Tails live boot USB stick for 
maximum security. There would be no need for VeraCrypt or a VPN 
in that case. 


There have been cases where LE intercepted a computer ordered
online, planted spyware on the device, and then shipped it to the
recipient. Instead, you could purchase a laptop from a pawn shop,
wipe the operating system and install Linux on it.


7. Loose Lips Sink Ships 


a. Phishing — LE may use phishing as a means to gather credentials for 
your accounts or execute a payload on your device. Obviously the 
same goes for cybercriminals. If the email contains a link or 
attachment, or suggests you to do something (especially if it has an 
urgent or authoritative energy) always double check the full sender 
name of the email. If there is anything suspicious about it at all, don't 
click on the link, don't open the attachment, don't do what they tell 
you. 


Emails can also be spoofed to appear legitimate, which requires you to
look into the header of the email to determine if it's legitimate. We
encourage you to search information on investigating email headers to
determine if the email is legitimate or not. This is usually done by
checking the SPF, DKIM, and DMARC results of the email. In any case, it's
best to use the
anonymous, Tor-based email services and change your email 
frequently. 
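One way to read the SPF, DKIM and DMARC verdicts mentioned above, as an added example that is not part of the original guide. The sample messages are constructed, and the server name mx.example.net and all function names are assumptions made for illustration.

```python
"""Read SPF/DKIM/DMARC verdicts from Authentication-Results (RFC 8601)."""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages, not real mail. "mx.example.net" stands in for
# the reader's own receiving mail server (an assumption of this example).
SPOOFED = """\
Authentication-Results: mx.example.net;
 spf=fail smtp.mailfrom=bounce.mailer-example.test;
 dkim=none; dmarc=fail (p=reject) header.from=bank.example
Authentication-Results: mail.bank.example; spf=pass; dkim=pass; dmarc=pass
Return-Path: <x@bounce.mailer-example.test>
From: "Bank Support" <support@bank.example>
Subject: Urgent: verify your account

Click the link below.
"""

NO_POLICY = """\
Authentication-Results: mx.example.net;
 spf=softfail smtp.mailfrom=lists.example.org;
 dkim=pass header.d=news.example.org; dmarc=none header.from=example.org
From: Newsletter <news@example.org>
Subject: Monthly update

Hello.
"""


def auth_results(raw_message, trusted_id):
    """Return {method: (result, properties)} from the topmost header written
    by trusted_id. Headers naming any other server are ignored, because the
    sender can put arbitrary Authentication-Results lines in a message."""
    msg = message_from_string(raw_message)
    for value in msg.get_all("Authentication-Results", []):
        # Unfold the header and drop parenthesised comments.
        value = re.sub(r"\([^)]*\)", "", " ".join(value.split()))
        parts = [p.strip() for p in value.split(";")]
        server = parts[0].split()[0].lower() if parts[0] else ""
        if server != trusted_id.lower():
            continue
        results = {}
        for part in parts[1:]:
            m = re.match(r"([a-z0-9-]+)\s*=\s*(\w+)", part, re.I)
            if not m:
                continue
            method, result = m.group(1).lower(), m.group(2).lower()
            props = dict(re.findall(r"(\S+?)=(\S+)", part[m.end():]))
            # With several signatures, one passing result is enough.
            if method not in results or result == "pass":
                results[method] = (result, props)
        return results
    return {}


def aligned(domain, from_domain):
    """Simplified relaxed alignment: equal, or one is a subdomain of the other.
    Real DMARC compares organizational domains via the Public Suffix List."""
    a, b = domain.lower(), from_domain.lower()
    if not a or not b:
        return False
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def verdict(raw_message, trusted_id):
    """Classify a message as 'pass', 'fail' or 'unverified'."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    results = auth_results(raw_message, trusted_id)
    dmarc = results.get("dmarc", ("missing", {}))[0]
    if dmarc == "pass":
        return "pass"
    if dmarc == "fail":
        return "fail"
    # No DMARC verdict: accept only an SPF or DKIM pass for a domain that
    # matches the visible From address.
    dkim, dkim_props = results.get("dkim", ("missing", {}))
    spf, spf_props = results.get("spf", ("missing", {}))
    mailfrom = spf_props.get("smtp.mailfrom", "").rpartition("@")[2]
    if dkim == "pass" and aligned(dkim_props.get("header.d", ""), from_domain):
        return "pass"
    if spf == "pass" and aligned(mailfrom, from_domain):
        return "pass"
    return "unverified"


if __name__ == "__main__":
    for name, raw in (("SPOOFED", SPOOFED), ("NO_POLICY", NO_POLICY)):
        print(name, verdict(raw, "mx.example.net"))
```

The second header in the spoofed sample claims a pass but names a server the recipient does not run, which is why only the header written by your own provider's server is read.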


b. K.I.S.S. — Keep It Silent Sweetie! Many people who have engaged in
direct action and mutual aid have done everything right to cover their
tracks. They've gone through all the trouble of evading physical and
digital forensic expertise, only to talk about their actions to someone.
It's worth mentioning that friends, family members, lovers or peers in
direct action could very well be turned into an informant by LE. This
doesn't mean accusing everyone you know of being a fed, it just
means staying silent in regards to actions.


They may subtly try to get you to divulge information on an action, 
after or before the action occurs. This doesn’t necessarily mean 
they’re a fed, but a fed may coerce the people close to you. Feds also 
infiltrate activist groups for entrapment and reporting on actions. For 
this reason, never talk about your action or other sensitive illegal 
activities with anyone. Even if the person you trust isn’t wearing a 
wire, you can’t control who they talk to. 


If you’ve done an action with someone, and weeks, months or years 
later, one of them starts bringing it up and wants to talk about it, don’t 
even pretend like you know what they’re talking about. Stay oblivious 
and divert the conversation to something else. 


And of course, under no circumstances is it a good idea to talk to LE, 
which may prove difficult in the heat of the moment after an action if 
you’re caught. They will coerce and lie to you to get you to divulge 
information. They often say that your sentence will be reduced if you 
just admit to it on the spot, which is a lie. Remain silent and ask for a 
defense attorney. 


Don’t post about your actions on social media, or contact activist 
groups about your actions in the hopes you will rile up the people who 
already agree with you. This is a grave risk to operational security. 


There are no bragging rights involved in the work we do. 


Let the results speak for themselves. 


8. Physical Anti-Forensics 


a. Creating a Clean Room — This information is only necessary for certain
scenarios, for the construction of objects related to actions. Because 
DNA forensics have reached the point of only needing a microscopic 
skin flake, there is a need for clean rooms in some cases. 


To set up a clean room, choose a location where your hair and skin
flakes are not already floating around. The location should also be free 
of hairs from a dog, cat, or another animal companion that LE would 
consider to be “your pet.” Rent a motel room or set up a tent in the 
woods. Use a brand new tent and keep someone outside the tent as a 
lookout. After you are done working, you can return the tent in a 
distant city. 


Before entering the clean room, cover as much skin as possible. Buy a 
disposable painter’s suit or medical supply suit, which are only a few 
dollars. Make sure it covers the head. Get a shower cap that 
completely covers your hair. Use a surgical mask in addition to the 
disposable suit, and a plastic shield mask couldn’t hurt. 


Keep gloves on whenever you are in that same room / area. Use two 
layers of latex gloves, or wear a single layer of latex gloves over some 
tightly fitting cloth gloves. Do not absentmindedly touch something 
without gloves. Do not scratch your head or rub your face when 
wearing gloves. 


Use disposable shoe covers over shoes, or disposable boot covers 
which reach further up the legs. This ‘outfit’ may seem like an
extreme method, but it’s necessary to evade DNA forensics. This also 
applies for actions away from clean rooms. In this case, use a 
disposable suit that doesn’t have bright colors, and dispose of it 
quickly after use via burning or a dumpster far from where you live. 


9. Miscellaneous 


a. Keyboards & Mice — Wireless keyboards and mice can have their 
keystrokes and clicks intercepted through various methods, especially 
if LE is parked nearby with a godforsaken surveillance van. Use a 
laptop or wired keyboard and wired mouse if on desktop. 


b. Wi-Fi — This method is a bit extra but it’s worth mentioning. You can
purchase an antenna such as a Yagi and use the wifi from a coffee 
shop or library etc., up to a mile away. If using a car, park away from 
cameras. Encrypt your internet traffic via VPN or Tor, otherwise 
your internet traffic can be seen on the network. 


In any case, you may need to change your MAC address, which is the 
physical / hardware address associated to your computer, and can be 
traced back to your device if LE asks for the logs of that wi-fi's 
traffic. 


There are various methods for changing/spoofing the MAC address. If 
you're on Windows, go to Settings > Network > and enable 
Randomize Hardware Address. Additionally, click on your wi-fi 
within the Settings > Network menu, go to properties, and enable
Randomize hardware address or set it to Change Daily. For Linux, 
there are tools such as macchanger. 


If using public wi-fi, alternate locations and don't visit the same public
wi-fis consistently or in a predictable manner. 


c. Steganography — Steganography is the practice of hiding files within
a file, such as hiding text within a video, music file or picture, or
making a paragraph smaller than a period which has to be zoomed
into. It may be worthwhile if you're interested in obfuscating
information, although there may be artifacts leftover showing that
steganography was used. Look into advanced practices of
steganography if you’re interested.


d. EXIF Data — EXIF Data contains hidden information (metadata) 
inside of photographs and pictures, such as when and where the 
photo was taken. If sending pictures, we recommend looking into 
tools that remove or spoof EXIF data, such as exiv2. Signal removes 
this data by default. 


10. Closing Notes 


-Leave your phone at home. 


-Memorize the jail support number local to your area. Having the number in 
your pocket or written on your body has been used as evidence by 
prosecutors. 


-Security cameras will track license plates along roads, also known as 
License Plate Recognition. 


-If there are no cameras in an area, LE will gather nearby home security 
footage and car cameras to use as evidence. Because of this, it’s worth 
performing initial reconnaissance of an area during the planning of an 
action. 


-It’s best not to attend big activist meetings or activist parties/concerts, 
which have been targeted and raided by LE. They will now charge for 
domestic terrorism for even being at such events. Some may feel that 
avoiding such events will disconnect them from their community, but there 
are plenty of other ways to connect with and show support for your loved 
ones. 


-Mullvad is a decent choice for a VPN at this point in time. You can pay for 
it with gift cards or Monero. Make sure WebRTC is turned off in your 
browser. Enable multi-hop on Mullvad. 


-Search engines such as DuckDuckGo care more about privacy than Google. 
“Incognito mode” still sends information to the browser provider.


-Firefox cares about privacy more than Chrome or Safari. Tor Browser cares 
even more. Don’t install extensions on your browser, they can be malicious 
or used to track your information. 


-Don’t talk about your actions, especially not over texting, clear web email
or social media. Signal (with frequently disappearing messages) and PGP
over Tor-based email are your best bet otherwise. Or talk in person, away
from devices, or write things down and then sharpie over the writing or
flush/burn the writing.


-Tails over live boot USB stick in a Linux laptop will take you to another 
level of privacy and security, as it never touches the hard drive. Otherwise, 
use VeraCrypt to encrypt your drive. 


-Cookies will track you, but more importantly an Evercookie will persist on 
your machine. This isn’t a problem with a live boot operating system such as 
Tails. 


-Use long, complex phrase passwords, separated by special characters. Do 
not reuse passwords on any accounts. Use completely separate phrases, but 
ones that you can remember. Do not write passwords down. 


-Use a cover over the webcam on your computer.


-If using public wifi, alternate locations and use a privacy screen that fits the 
monitor of your laptop. Keep the screen away from cameras and sit away 
from the cameras if possible. In this case, definitely use Tails via USB. 


-If you are posting activist material and infographics all over social media, 
that can be used by prosecutors as evidence of malicious intent, including if 
your account is set to private. 


-TOR can be used to access the dark web, which can give you access to real 
pharmaceutical life-saving medication, hormones, abortion pills, and more. 
Check out dark[.]fail and do plenty of research, including the use of Monero, 
before going down that path. 


Some of these methods may seem a little over the top, but that’s because 
we’re playing an asymmetrical game against the state. There’s no need for 
these tactics if you aren’t concerned with privacy, mutual aid and direct 
action. If you are concerned with those things, know that prosecutors will 
hand out domestic terror charges on a whim these days and we have to adapt 
accordingly. 


This guide isn’t foolproof or timeless. It’s up to you to weigh the potential 
risks and benefits of each action. There may be a certain amount of risk 
you’re willing to accept. But if you’re serious about maintaining operational 
security in the long term, you'll have to keep your finger on the pulse of new 
methodologies, because the feds are too. 


Of course, nothing in this guide will matter if you decide to rat on your 
peers. If caught during an action, LE may try to coerce you into becoming an 
informant in exchange for reduced time or no time at all. There have been 
many cases where activists didn't comply with this, didn't become an 
informant, and still had their time reduced or case dismissed. We hope you 
have the courage to do the right thing. 


Be safe. If you follow the steps in this guide, you can feel good knowing 
you've leveled the playing field as much as possible. 


They can't hurt you if they can't catch you. 